(Loose notes from a conversation with djvj:) At the moment, we can't reliably walk the stack when we're executing Baseline IC stubs. At any given point in the generated code, we don't know what the offset between the start of the frame and the current stack pointer is so we can't get to the actual frame pointer / activation start which is where we'll want to start walking from. This is due to the ad-hoc register allocation that's used when the stub code is created using MacroAssembler. We'll be able to solve it once we go through CacheIR for these stubs: Once Baseline IC stubs are fully converted over to use CacheIR, we will have consistent register tracking, and we can teach CacheIR to generate stack maps for the code that it emits. Then, whenever we sample and the current leaf address falls within one of the generated stubs, we can use those stack maps to look up the offset between the start of the frame and the current stack pointer and walk the stack reliably.

Alternatively, if the frame pointer is preserved (bug 1426134), the profiler could just use that.